{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,5]],"date-time":"2026-03-05T15:45:42Z","timestamp":1772725542455,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":136,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,9,30]],"date-time":"2024-09-30T00:00:00Z","timestamp":1727654400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"German Research Foundation (DFG)","award":["502228341"],"award-info":[{"award-number":["502228341"]}]},{"name":"German Research Foundation (DFG)","award":["539710462"],"award-info":[{"award-number":["539710462"]}]},{"name":"German Research Foundation (DFG)","award":["502615015"],"award-info":[{"award-number":["502615015"]}]},{"name":"German Research Foundation (DFG)","award":["465958100"],"award-info":[{"award-number":["465958100"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,9,30]]},"DOI":"10.1145\/3678890.3678907","type":"proceedings-article","created":{"date-parts":[[2024,9,29]],"date-time":"2024-09-29T22:23:36Z","timestamp":1727648616000},"page":"644-659","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["VeriFence: Lightweight and Precise Spectre Defenses for Untrusted Linux Kernel Extensions"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3401-430X","authenticated-orcid":false,"given":"Luis","family":"Gerhorst","sequence":"first","affiliation":[{"name":"Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg (FAU), Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0828-6862","authenticated-orcid":false,"given":"Henriette","family":"Herzog","sequence":"additional","affiliation":[{"name":"Ruhr-Universit\u00e4t Bochum (RUB), Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3730-533X","authenticated-orcid":false,"given":"Peter","family":"W\u00e4gemann","sequence":"additional","affiliation":[{"name":"Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg (FAU), Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-2374-5058","authenticated-orcid":false,"given":"Maximilian","family":"Ott","sequence":"additional","affiliation":[{"name":"Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg (FAU), Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8116-7763","authenticated-orcid":false,"given":"R\u00fcdiger","family":"Kapitza","sequence":"additional","affiliation":[{"name":"Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg (FAU), Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1818-0869","authenticated-orcid":false,"given":"Timo","family":"H\u00f6nig","sequence":"additional","affiliation":[{"name":"Ruhr-Universit\u00e4t Bochum (RUB), Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,9,30]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2021. Visual Studio 2022: C++ Developer Guidance for Speculative Execution Side Channels. https:\/\/learn.microsoft.com\/en-us\/cpp\/security\/developer-guidance-speculative-execution?view=msvc-170"},{"key":"e_1_3_2_1_2_1","unstructured":"2022. Refined Speculative Execution Terminology. https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/software-security-guidance\/best-practices\/refined-speculative-execution-terminology.html"},{"key":"e_1_3_2_1_3_1","unstructured":"2023. Core Scheduling \u2013 The Linux Kernel documentation (v6.5). https:\/\/www.kernel.org\/doc\/html\/v6.5\/admin-guide\/hw-vuln\/core-scheduling.html"},{"key":"e_1_3_2_1_4_1","unstructured":"2023. Debian Manpages \u2013 bpf(2). https:\/\/manpages.debian.org\/bookworm\/manpages-dev\/bpf.2.en.html"},{"key":"e_1_3_2_1_5_1","unstructured":"2023. eBPF verifier \u2013 The Linux Kernel documentation (v6.5). https:\/\/www.kernel.org\/doc\/html\/v6.5\/bpf\/verifier.html We use BPF to refer to the current extended Berkeley Packet Filter facility."},{"key":"e_1_3_2_1_6_1","unstructured":"2023. HID-BPF \u2013 The Linux Kernel documentation (v6.5). https:\/\/www.kernel.org\/doc\/html\/v6.5\/hid\/hid-bpf.html"},{"key":"e_1_3_2_1_7_1","unstructured":"2023. kernel\/bpf\/syscall.c \u2013 Line 2588 \u2013 Linux Kernel Stable Tree \u2013 v6.5.11. https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/torvalds\/linux.git\/tree\/kernel\/bpf\/syscall.c?id=79944183#n2588"},{"key":"e_1_3_2_1_8_1","first-page":"09","volume":"5","year":"2023","unstructured":"2023. Software Techniques for Managing Speculation on AMD Processors - Revision 5.09.23. https:\/\/web.archive.org\/web\/20240313145139\/https:\/\/www.amd.com\/content\/dam\/amd\/en\/documents\/epyc-technical-docs\/tuning-guides\/software-techniques-for-managing-speculation.pdf","journal-title":"Software Techniques for Managing Speculation on AMD Processors - Revision"},{"key":"e_1_3_2_1_9_1","volume-title":"Speculative Processor Vulnerability (Updated","year":"2023","unstructured":"2023. Speculative Processor Vulnerability (Updated December 20, 2023) - Arm Security Center. https:\/\/web.archive.org\/web\/20240324073901\/https:\/\/developer.arm.com\/Arm Security Center\/Speculative Processor Vulnerability"},{"key":"e_1_3_2_1_10_1","unstructured":"2024. Affected Processors: Guidance for Security Issues on Intel\u00ae Processors. https:\/\/web.archive.org\/web\/20240411104155\/https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/topic-technology\/software-security-guidance\/processors-affected-consolidated-product-cpu-model.html"},{"key":"e_1_3_2_1_11_1","unstructured":"2024. SPDK: Storage Performance Development Kit. https:\/\/spdk.io\/"},{"key":"e_1_3_2_1_12_1","unstructured":"Alexander van der Grinten. 2024. The Managarm Project. https:\/\/managarm.org\/"},{"key":"e_1_3_2_1_13_1","unstructured":"ARM. 2018. Firmware interfaces for mitigating cache speculation vulnerabilities \u2013 System Software on Arm Specification (Version 1.3). https:\/\/developer.arm.com\/cache-speculation-vulnerability-firmware-specification"},{"key":"e_1_3_2_1_14_1","unstructured":"ARM. 2021. ARM Documentation \u2013 DIT Data Independent Timing \u2013 Arm Armv8-A Architecture Registers. https:\/\/developer.arm.com\/documentation\/ddi0595\/2021-06\/AArch64-Registers\/DIT\u2013Data-Independent-Timing"},{"key":"e_1_3_2_1_15_1","unstructured":"Jens Axboe. 2019. [PATCHSET v5] io_uring IO interface (Mail). https:\/\/lore.kernel.org\/linux-block\/20190116175003.17880-1-axboe@kernel.dk\/"},{"key":"e_1_3_2_1_16_1","unstructured":"Pavel Begunkov. 2021. io_uring: BPF controlled I\/O. https:\/\/lpc.events\/event\/11\/contributions\/901\/"},{"key":"e_1_3_2_1_17_1","volume-title":"Proceedings of the 14th Symposium on Operating Systems Design and Implementation (OSDI\u201920)","author":"Behrens Jonathan","year":"2020","unstructured":"Jonathan Behrens, Anton Cao, Cel Skeggs, Adam Belay, M\u00a0Frans Kaashoek, and Nickolai Zeldovich. 2020. Efficiently mitigating transient execution attacks using the unmapped speculation contract. In Proceedings of the 14th Symposium on Operating Systems Design and Implementation (OSDI\u201920) (2020). USENIX, 1139\u20131154. https:\/\/www.usenix.org\/conference\/osdi20\/presentation\/behrens"},{"key":"e_1_3_2_1_18_1","unstructured":"Kristof Beyls. 2018. D41760: Introduce __builtin_load_no_speculate. https:\/\/reviews.llvm.org\/D41760"},{"key":"e_1_3_2_1_19_1","unstructured":"Kristof Beyls. 2018. D49070: Introduce llvm.speculation_safe_value intrinsic. https:\/\/reviews.llvm.org\/D49070"},{"key":"e_1_3_2_1_20_1","unstructured":"Kristof Beyls. 2018. D49073 from the LLVM Phabricator archive: Introducing __builtin_speculation_safe_value. https:\/\/reviews.llvm.org\/D49073"},{"key":"e_1_3_2_1_21_1","unstructured":"Suparna Bhattacharya Steven Pratt Badari Pulavarty and Janet Morgan. 2003. Asynchronous I\/O Support in Linux 2.5. https:\/\/www.kernel.org\/doc\/ols\/2003\/ols2003-pages-351-366.pdf"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363194"},{"key":"e_1_3_2_1_23_1","volume-title":"BPF and Spectre: Mitigating transient execution attacks. https:\/\/www.youtube.com\/watch?v=6N30Yp5f9c4 eBPF Summit","author":"Borkmann Daniel","year":"2021","unstructured":"Daniel Borkmann. 2021. BPF and Spectre: Mitigating transient execution attacks. https:\/\/www.youtube.com\/watch?v=6N30Yp5f9c4 eBPF Summit 2021."},{"key":"e_1_3_2_1_24_1","unstructured":"Daniel Borkmann Jann Horn and Alexei Starovoitov. 2019. Linux Kernel Source Tree \u2013 bpf: prevent out of bounds speculation on pointer arithmetic (commit #979d63d5). https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/torvalds\/linux.git\/commit\/?id=979d63d5"},{"key":"e_1_3_2_1_25_1","unstructured":"Daniel Borkmann Piotr Krysiuk John Fastabend and Alexei Starovoitov. 2021. Linux Kernel Source Tree \u2013 bpf: Fix leakage of uninitialized bpf stack under speculation (commit #801c60). https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/torvalds\/linux.git\/commit\/?id=801c6058"},{"key":"e_1_3_2_1_26_1","unstructured":"Daniel Borkmann Piotr Krysiuk Benedict Schlueter John Fastabend and Alexei Starovoitov. 2021. Linux Kernel Source Tree \u2013 bpf: Tighten speculative pointer arithmetic mask (commit #7fedb6). https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/torvalds\/linux.git\/commit\/?id=7fedb63a"},{"key":"e_1_3_2_1_27_1","unstructured":"Daniel Borkmann Piotr Krysiuk Benedict Schlueter and Alexei Starovoitov. 2021. Linux Kernel Source Tree \u2013 bpf: Fix leakage due to insufficient speculative store bypass mitigation (commit #2039f2). https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/torvalds\/linux.git\/commit\/?id=2039f26f"},{"key":"e_1_3_2_1_28_1","unstructured":"Daniel Borkmann Adam Morrison Ofek Kirzner Benedict Schl\u00fcter Piotr Krysiuk John Fastabend and Alexei Starovoitov. 2021. Linux Kernel Source Tree \u2013 bpf: Fix leakage under speculation on mispredicted branches (commit #918367). https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/torvalds\/linux.git\/commit\/?id=9183671a"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","unstructured":"Scott Buckley Robert Sison Nils Wistoff Curtis Millar Toby Murray Gerwin Klein and Gernot Heiser. 2023. Proving the Absence of Microarchitectural Timing Channels. https:\/\/doi.org\/10.48550\/arXiv.2310.17046","DOI":"10.48550\/arXiv.2310.17046"},{"key":"e_1_3_2_1_30_1","volume-title":"Proceedings of the 27th USENIX Security Symposium (USENIX Security \u201918)","author":"Bulck Jo\u00a0Van","year":"2018","unstructured":"Jo\u00a0Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas\u00a0F. Wenisch, Yuval Yarom, and Raoul Strackx. 2018. Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. In Proceedings of the 27th USENIX Security Symposium (USENIX Security \u201918). USENIX, 991. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/bulck"},{"key":"e_1_3_2_1_31_1","unstructured":"Mathias Bynens. 2018. V8 Docs \u2013 Untrusted code mitigations. https:\/\/v8.dev\/docs\/untrusted-code-mitigations#sandbox-untrusted-execution-in-a-separate-process"},{"key":"e_1_3_2_1_32_1","volume-title":"Proceedings of the 28th USENIX Security Symposium (USENIX Security \u201919)","author":"Canella Claudio","year":"2019","unstructured":"Claudio Canella, Jo Van\u00a0Bulck, Michael Schwarz, Moritz Lipp, Benjamin Von\u00a0Berg, Philipp Ortner, Frank Piessens, Dmitry Evtyushkin, and Daniel Gruss. 2019. A systematic evaluation of transient execution attacks and defenses. In Proceedings of the 28th USENIX Security Symposium (USENIX Security \u201919). USENIX, 249\u2013266. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/canella"},{"key":"e_1_3_2_1_33_1","unstructured":"Chandler Carruth. 2018. [llvm-dev]RFC: Speculative Load Hardening (a Spectre variant #1 mitigation). https:\/\/lists.llvm.org\/pipermail\/llvm-dev\/2018-March\/122085.html"},{"key":"e_1_3_2_1_34_1","unstructured":"Chandler Carruth. 2024. Speculative Load Hardening \u2014 LLVM 16.0.0git documentation. https:\/\/llvm.org\/docs\/SpeculativeLoadHardening.html"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3385412.3385970"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833707"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","unstructured":"Sunjay Cauligi Marco Guarnieri Daniel Moghimi Deian Stefan and Marco Vassena. 2022. A Turning Point for Verified Spectre Sandboxing. https:\/\/doi.org\/10.48550\/arXiv.2208.01548","DOI":"10.48550\/arXiv.2208.01548"},{"key":"e_1_3_2_1_38_1","unstructured":"Shaun Crampton. 2020. Introducing the Calico eBPF dataplane. https:\/\/www.tigera.io\/blog\/introducing-the-calico-ebpf-dataplane\/"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3609021.3609299"},{"key":"e_1_3_2_1_40_1","unstructured":"Nikita\u00a0Shirokov Dasineni Ranjeeth. 2018. Engineering at Meta \u2013 Open-sourcing Katran a scalable network load balancer. https:\/\/engineering.fb.com\/2018\/05\/22\/open-source\/open-sourcing-katran-a-scalable-network-load-balancer\/"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3609021.3609306"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3534056.3534945"},{"key":"e_1_3_2_1_43_1","unstructured":"Jake Edge. 2022. Progress for unprivileged containers. https:\/\/lwn.net\/Articles\/909627\/"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","unstructured":"Xaver Fabian Marco Guarnieri and Marco Patrignani. 2022. Automatic Detection of Speculative Execution Combinations. https:\/\/doi.org\/10.48550\/arXiv.2209.01179","DOI":"10.48550\/arXiv.2209.01179"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/1217935.1217953"},{"key":"e_1_3_2_1_46_1","unstructured":"Luis Gerhorst. 2023. [PATCH 2\/3] Revert \"bpf: Fix issue in verifying allow_ptr_leaks\". https:\/\/lore.kernel.org\/bpf\/20230913122827.91591-1-gerhorst@amazon.de\/"},{"key":"e_1_3_2_1_47_1","unstructured":"Luis Gerhorst. 2023. Re: [PATCH 2\/3] Revert \"bpf: Fix issue in verifying allow_ptr_leaks\". https:\/\/lore.kernel.org\/bpf\/20230928110927.115238-1-gerhorst@amazon.de\/"},{"key":"e_1_3_2_1_48_1","unstructured":"Luis Gerhorst and Daniel Borkmann. 2023. Linux Kernel Source Tree \u2013 bpf: Remove misleading spec_v1 check on var-offset stack read (commit #082cdc). https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/torvalds\/linux.git\/commit\/?id=082cdc69"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3477113.3487267"},{"key":"e_1_3_2_1_50_1","unstructured":"Luis Gerhorst Henriette Hofmeier and Daniel Borkmann. 2023. Linux Kernel Source Tree \u2013 bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (commit #e4f4db47). https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/bpf\/bpf.git\/commit\/?id=e4f4db47"},{"key":"e_1_3_2_1_51_1","unstructured":"Elazar Gershuni. 2022. Use verifier to identify dependent reads that require speculative load hardening (GitHub Issue #229 vbpf\/ebpf-verifier). https:\/\/github.com\/vbpf\/ebpf-verifier\/issues\/229"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3314221.3314590"},{"key":"e_1_3_2_1_53_1","unstructured":"Yossi Gottlieb YaacovHazan (GitHub User) Filipe Oliveira and Oran Agra. 2022. memtier_benchmark \u2013 v1.4.0 \u2013 NoSQL Redis and Memcache traffic generation and benchmarking tool. https:\/\/github.com\/RedisLabs\/memtier_benchmark\/tree\/29f51a82"},{"key":"e_1_3_2_1_54_1","unstructured":"Thomas Graf Andr\u00e9 Martins Joe Stringer and Paul Chaignon. 2021. CNI Performance Benchmark \u2014 Cilium documentation. https:\/\/docs.cilium.io\/en\/v1.12\/operations\/performance\/benchmark\/"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/2909476"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00011"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/3421473.3421475"},{"key":"e_1_3_2_1_58_1","unstructured":"Tejun Heo. 2023. [PATCHSET v3] sched: Implement BPF extensible scheduler class. https:\/\/lore.kernel.org\/all\/20230317213333.2174969-1-tj@kernel.org\/"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/3607199.3607248"},{"key":"e_1_3_2_1_60_1","unstructured":"Henriette Hofmeier. 2022. Dynamic Reconfiguration of Hardware-Vulnerability Mitigations in the Linux Kernel. https:\/\/sys.cs.fau.de\/publications\/2022\/hofmeier_22_thesis.pdf"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/1243418.1243424"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/3281411.3281443"},{"key":"e_1_3_2_1_63_1","unstructured":"Intel. 2018. Managed Runtime Speculative Execution Side Channel Mitigations. https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/software-security-guidance\/technical-documentation\/runtime-speculative-side-channel-mitigations.html"},{"key":"e_1_3_2_1_64_1","unstructured":"Intel. 2018. Speculative Store Bypass \/ CVE-2018-3639 \/ INTEL-SA-00115. https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/software-security-guidance\/advisory-guidance\/speculative-store-bypass.html"},{"key":"e_1_3_2_1_65_1","unstructured":"Intel. 2020. An optimized mitigation approach for Load Value Injection. https:\/\/www.intel.com\/content\/www\/us\/en\/develop\/articles\/software-security-guidance\/best-practices\/optimized-mitigation-approach-load-value-injection.html"},{"key":"e_1_3_2_1_66_1","unstructured":"Intel. 2023. Data Operand Independent Timing Instructions. https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/software-security-guidance\/resources\/data-operand-independent-timing-instructions.html"},{"key":"e_1_3_2_1_67_1","unstructured":"Intel. 2023. Data Operand Independent Timing ISA Guidance. https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/software-security-guidance\/best-practices\/data-operand-independent-timing-isa-guidance.html"},{"key":"e_1_3_2_1_68_1","unstructured":"Javier Honduvilla Coto. 2023. parca-dev\/parca-agent (GitHub) \u2013 v0.27.0. https:\/\/github.com\/parca-dev\/parca-agent"},{"key":"e_1_3_2_1_69_1","unstructured":"Devin Jeanpierre and Chandler Carruth. 2020. Mitigating Spectre v1 Attacks in C++. https:\/\/www.open-std.org\/jtc1\/sc22\/wg21\/docs\/papers\/2020\/p0928r1.pdf"},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","unstructured":"Jinghao Jia YiFei Zhu Dan Williams Andrea Arcangeli Claudio Canella Hubertus Franke Tobin Feldman-Fitzthum Dimitrios Skarlatos Daniel Gruss and Tianyin Xu. 2023. Programmable System Call Security with eBPF. https:\/\/doi.org\/10.48550\/arXiv.2302.10366","DOI":"10.48550\/arXiv.2302.10366"},{"key":"e_1_3_2_1_71_1","unstructured":"Alan Jowett. 2021. (PREVAIL) Spectre Mitigations Issue (GitHub Issue #229 vbpf\/ebpf-verifier). https:\/\/github.com\/vbpf\/ebpf-verifier\/issues\/229"},{"key":"e_1_3_2_1_72_1","unstructured":"Daniel Kim and Robert Prast. 2022. Triaging Real-time Security Threats with eBPF-powered Observability. https:\/\/www.usenix.org\/conference\/srecon22americas\/presentation\/kim"},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3616611"},{"key":"e_1_3_2_1_74_1","volume-title":"Proceedings of the 30th USENIX Security Symposium (USENIX Security \u201921)","author":"Kirzner Ofek","year":"2021","unstructured":"Ofek Kirzner and Adam Morrison. 2021. An Analysis of Speculative Type Confusion Vulnerabilities in the Wild. In Proceedings of the 30th USENIX Security Symposium (USENIX Security \u201921). USENIX, 2399\u20132416."},{"key":"e_1_3_2_1_75_1","unstructured":"Paul Kocher. 2018. Spectre Mitigations in Microsoft\u2019s C\/C++ Compiler. https:\/\/www.paulkocher.com\/doc\/MicrosoftCompilerSpectreMitigation.html"},{"key":"e_1_3_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00002"},{"key":"e_1_3_2_1_77_1","unstructured":"Greg Kroah-Hartman Linus Torvalds David\u00a0S. Miller and Arnd Bergmann. 2023. Linux Kernel Stable Tree \u2013 v6.5.11. https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/stable\/linux.git\/tree\/?id=79944183 BPF Samples from samples\/bpf and Kernel Selftests from tools\/testing\/selftests\/bpf.."},{"key":"e_1_3_2_1_78_1","unstructured":"Piotr Krysiuk Benedict Schl\u00fcter and Daniel Borkmann. 2022. BPF and Spectre: Mitigating transient execution attacks. https:\/\/popl22.sigplan.org\/details\/prisc-2022-papers\/11\/BPF-and-Spectre-Mitigating-transient-execution-attacks Keynote at PriSC\u201922."},{"key":"e_1_3_2_1_79_1","volume-title":"Dustin Sallings, and Brad Fitzpatrick.","author":"Lamb Chris","year":"2020","unstructured":"Chris Lamb, dormando (GitHub User), Dustin Sallings, and Brad Fitzpatrick. 2020. memcached \u2013 v1.6.9. https:\/\/packages.debian.org\/bullseye\/web\/memcached"},{"key":"e_1_3_2_1_80_1","doi-asserted-by":"publisher","unstructured":"Zhilu Lian Yangzi Li Zhixiang Chen Shiwen Shan Baoxin Han and Yuxin Su. 2022. eBPF-based Working Set Size Estimation in Memory Management. 188\u2013195\u00a0pages. https:\/\/doi.org\/10.1109\/ICSS55994.2022.00036","DOI":"10.1109\/ICSS55994.2022.00036"},{"key":"e_1_3_2_1_81_1","doi-asserted-by":"publisher","DOI":"10.1145\/3357033"},{"key":"e_1_3_2_1_82_1","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.2301.13421"},{"key":"e_1_3_2_1_83_1","unstructured":"Bruce\u00a0A. Mah Jef Poskanzer Jon Dugan and Brian Tierney. 2020. iperf3 \u2013 v3.9 (cJSON 1.7.13). https:\/\/packages.debian.org\/bullseye\/iperf3"},{"key":"e_1_3_2_1_84_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICEIC51217.2021.9369763"},{"key":"e_1_3_2_1_85_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359837"},{"key":"e_1_3_2_1_86_1","unstructured":"Andrei Matei and Alexei Starovoitov. 2021. Linux Kernel Source Tree\u2013 bpf: Allow variable-offset stack access (commit #01f810). https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/torvalds\/linux.git\/commit?id=01f810ac"},{"key":"e_1_3_2_1_87_1","doi-asserted-by":"publisher","unstructured":"Ross Mcilroy Jaroslav Sevcik Tobias Tebbi Ben\u00a0L Titzer and Toon Verwaest. 2019. Spectre is here to stay: An analysis of side-channels and speculative execution. https:\/\/doi.org\/10.48550\/arXiv.1902.05178","DOI":"10.48550\/arXiv.1902.05178"},{"key":"e_1_3_2_1_88_1","volume-title":"DPDK: Data Plane Development Kit \u2013 v24.03","author":"Monjalon Thomas","year":"2024","unstructured":"Thomas Monjalon, Bruce Richardson, Qi\u00a0Z. Zhang, and Stephen Hemminger. 2024. DPDK: Data Plane Development Kit \u2013 v24.03. http:\/\/git.dpdk.org\/dpdk\/tree\/?h=v24.03&id=a9778aad"},{"key":"e_1_3_2_1_89_1","volume-title":"Daniel M\u00fcller, and Hengqi Chen.","author":"Nakryiko Andrii","year":"2022","unstructured":"Andrii Nakryiko, waruqi (GitHub User), Daniel M\u00fcller, and Hengqi Chen. 2022. libbpf\/libbpf-bootstrap (GitHub, commit #a7c0f7). https:\/\/github.com\/libbpf\/libbpf-bootstrap\/tree\/a7c0f7e4"},{"key":"e_1_3_2_1_90_1","volume-title":"Proceeding of the 30th USENIX Security Symposium (USENIX Security \u201921)","year":"2021","unstructured":"Narayan, Disselkoen, Moghimi, and others. 2021. Swivel: Hardening WebAssembly against Spectre. In Proceeding of the 30th USENIX Security Symposium (USENIX Security \u201921). USENIX, 1433\u20131450. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/narayan"},{"key":"e_1_3_2_1_91_1","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.2111.12528"},{"key":"e_1_3_2_1_92_1","volume-title":"Proceedings of the 14th USENIX Symposium on Operating Systems Design and Implementation (OSDI 20)","author":"Nelson Luke","year":"2020","unstructured":"Luke Nelson, Jacob\u00a0Van Geffen, Emina Torlak, and Xi Wang. 2020. Specification and verification in the field: Applying formal methods to BPF just-in-time compilers in the Linux kernel. In Proceedings of the 14th USENIX Symposium on Operating Systems Design and Implementation (OSDI 20). USENIX Association, 41\u201361. https:\/\/www.usenix.org\/conference\/osdi20\/presentation\/nelson"},{"key":"e_1_3_2_1_93_1","unstructured":"Luke Nelson and Xi Wang. 2022. Exoverifier (GitHub commit #a0166f6). https:\/\/github.com\/uw-unsat\/exoverifier\/tree\/a0166f6"},{"key":"e_1_3_2_1_94_1","unstructured":"Luke Nelson Xi Wang and Emina Torlak. 2021. A proof-carrying approach to building correct and flexible in-kernel verifiers. https:\/\/homes.cs.washington.edu\/\u00a0lukenels\/slides\/2021-09-23-lpc21.pdf Linux Plumbers Conference (LPC\u201921)."},{"key":"e_1_3_2_1_95_1","unstructured":"nik-netlox (GitHub User). 2023. SCTP: >10x BPF program runtime compared to TCP (GitHub Issue #447 loxilb). https:\/\/github.com\/loxilb-io\/loxilb\/issues\/447#issuecomment-1832999598"},{"key":"e_1_3_2_1_96_1","doi-asserted-by":"publisher","DOI":"10.1145\/3368826.3377921"},{"key":"e_1_3_2_1_97_1","doi-asserted-by":"publisher","unstructured":"Oleksii Oleksenko Bohdan Trach Tobias Reiher Mark Silberstein Christof Fetzer and T\u00a0U Dresden. 2018. You Shall Not Bypass: Employing data dependencies to prevent Bounds Check Bypass. https:\/\/doi.org\/10.48550\/arXiv.1805.08506v3","DOI":"10.48550\/arXiv.1805.08506v3"},{"key":"e_1_3_2_1_98_1","unstructured":"Tomasz Osi\u0144ski. 2020. p4c-ubpf: a New Back-end for the P4 Compiler. https:\/\/opennetworking.org\/news-and-events\/blog\/p4c-ubpf-a-new-back-end-for-the-p4-compiler\/"},{"key":"e_1_3_2_1_99_1","volume-title":"nik-netlox (GitHub User), and UltraInstinct14 (GitHub User)","author":"GitHub PacketCrunch","year":"2024","unstructured":"PacketCrunch (GitHub User), TrekkieCoder (GitHub User), nik-netlox (GitHub User), and UltraInstinct14 (GitHub User). 2024. loxilb: eBPF based cloud-native load-balancer (GitHub) \u2013 v0.9.0. https:\/\/github.com\/loxilb-io\/loxilb"},{"key":"e_1_3_2_1_100_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484534"},{"key":"e_1_3_2_1_101_1","unstructured":"Filip Pizlo. 2018. What Spectre and Meltdown Mean For WebKit. https:\/\/webkit.org\/blog\/8048\/what-spectre-and-meltdown-mean-for-webkit\/"},{"key":"e_1_3_2_1_102_1","volume-title":"Proceedings of the 28th USENIX Security Symposium (USENIX Security \u201919)","author":"Reis Charles","year":"2019","unstructured":"Charles Reis, Alexander Moshchuk, and Nasko Oskov. 2019. Site Isolation: Process Separation for Web Sites within the Browser. In Proceedings of the 28th USENIX Security Symposium (USENIX Security \u201919). USENIX, 1661\u20131678. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/reis"},{"key":"e_1_3_2_1_103_1","unstructured":"Rami Rosen. 2017. Network acceleration with DPDK [LWN.net]. https:\/\/lwn.net\/Articles\/725254\/"},{"key":"e_1_3_2_1_104_1","unstructured":"Ragnar Rova Will Glozer Gil Tene and Michael Barker. 2023. wrk2 (GitHub commit #920ce1e). https:\/\/github.com\/rrva\/wrk2\/tree\/920ce1e"},{"key":"e_1_3_2_1_105_1","unstructured":"Benedict Schl\u00fcter. 2021. Security Analysis of eBPF. Bachelor\u2019s Thesis. Ruhr-Universit\u00e4t Bochum (RUB)."},{"key":"e_1_3_2_1_106_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354252"},{"key":"e_1_3_2_1_107_1","doi-asserted-by":"publisher","unstructured":"Michael Schwarz Martin Schwarzl Moritz Lipp and Daniel Gruss. 2018. NetSpectre: Read arbitrary memory over network. https:\/\/doi.org\/10.48550\/arXiv.1807.10535","DOI":"10.48550\/arXiv.1807.10535"},{"key":"e_1_3_2_1_108_1","doi-asserted-by":"publisher","DOI":"10.1145\/3337167.3337175"},{"key":"e_1_3_2_1_109_1","unstructured":"Yafang Shao. 2023. Re: [PATCH 2\/3] Revert \"bpf: Fix issue in verifying allow_ptr_leaks\". https:\/\/patchwork.kernel.org\/project\/linux-kselftest\/patch\/20230913122827.91591-1-gerhorst@amazon.de\/#25515964"},{"key":"e_1_3_2_1_110_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179355"},{"key":"e_1_3_2_1_111_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179418"},{"key":"e_1_3_2_1_112_1","unstructured":"Yonghong Song Brendan Gregg Sasha Goldshtein and Teng Qin. 2023. BCC \u2013 v0.27.0. https:\/\/github.com\/iovisor\/bcc\/tree\/v0.27.0 We use the libbpf-based variants from the libbpf-tools folder."},{"key":"e_1_3_2_1_113_1","unstructured":"Alexei Starovoitov. 2023. Re: [PATCH 2\/3] Revert \"bpf: Fix issue in verifying allow_ptr_leaks\". https:\/\/patchwork.kernel.org\/project\/linux-kselftest\/patch\/20230913122827.91591-1-gerhorst@amazon.de\/#25516346"},{"key":"e_1_3_2_1_114_1","unstructured":"Alexei Starovoitov John Fastabend and Daniel Borkmann. 2018. Linux Kernel Source Tree \u2013 bpf: prevent out-of-bounds speculation (commit #b2157399cc98). https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/torvalds\/linux.git\/commit\/?id=b2157399cc98"},{"key":"e_1_3_2_1_115_1","unstructured":"Alexei Starovoitov Joanne Koong Andrii Nakryiko and Jakub Kicinski. 2023. kernel\/bpf\/verifier.c \u2013 Line 644 \u2013 Linux Kernel Stable Tree \u2013 v6.5.11. https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/stable\/linux.git\/tree\/kernel\/bpf\/verifier.c?id=79944183#n644"},{"key":"e_1_3_2_1_116_1","unstructured":"Joe Stringer Jussi M\u00e4ki Andr\u00e9 Martins and Thomas Graf. 2022. cilium\/cilium (GitHub) \u2013 v1.12.5. https:\/\/github.com\/cilium\/cilium\/tree\/v1.12.5"},{"key":"e_1_3_2_1_117_1","volume-title":"Titzer and Jaroslav Sevcik","author":"L.","year":"2019","unstructured":"Ben\u00a0L. Titzer and Jaroslav Sevcik. 2019. A year with Spectre: a V8 perspective. https:\/\/v8.dev\/blog\/spectre"},{"key":"e_1_3_2_1_118_1","unstructured":"Linux Torvalds Delyan Kratunov Jiri Olsa and Milan Landaverde. 2022. bpftool \u2013 v5.18 (Linux kernel release). https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/stable\/linux.git\/tree\/tools\/bpf\/bpftool?h=v5.18 We use an older version because the latest version does not support legacy map definitions that are still used by many projects. This does not impact the in-kernel verification and JIT compilation (and thereby our results)."},{"key":"e_1_3_2_1_119_1","doi-asserted-by":"publisher","DOI":"10.1145\/3434330"},{"key":"e_1_3_2_1_120_1","doi-asserted-by":"publisher","DOI":"10.1145\/3371038"},{"key":"e_1_3_2_1_121_1","doi-asserted-by":"publisher","DOI":"10.1109\/CGO53902.2022.9741267"},{"key":"e_1_3_2_1_122_1","unstructured":"Wasmtime. 2024. Wasmtime Docs \u2013 Security. https:\/\/docs.wasmtime.dev\/security.html#spectre"},{"key":"e_1_3_2_1_123_1","unstructured":"Erik Wenzel Grant Grundler Gavin Brebner and Marcelo\u00a0Ricardo Leitner. 2020. netperf \u2013 v2.7.0. https:\/\/packages.debian.org\/bullseye\/netperf"},{"key":"e_1_3_2_1_124_1","unstructured":"Hadley Wickham Winston Chang Lionel Henry and Thomas\u00a0Lin Pedersen. 2024. ggplot2 3.5.0: A box and whiskers plot (in the style of Tukey) \u2014 geom_boxplot. https:\/\/ggplot2.tidyverse.org\/reference\/geom_boxplot.html"},{"key":"e_1_3_2_1_125_1","unstructured":"Rafael\u00a0J. Wysocki. 2023. CPU Performance Scaling \u2013 The Linux Kernel documentation (v6.5). https:\/\/www.kernel.org\/doc\/html\/v6.5\/admin-guide\/pm\/cpufreq.html#generic-scaling-governors"},{"key":"e_1_3_2_1_126_1","doi-asserted-by":"publisher","DOI":"10.1145\/3442479"},{"key":"e_1_3_2_1_127_1","volume-title":"Alastair Robertson, and Viktor Mal\u00edk.","author":"Xu Daniel","year":"2022","unstructured":"Daniel Xu, fbs (GitHub User), Alastair Robertson, and Viktor Mal\u00edk. 2022. bpftrace \u2013 v0.20.3. https:\/\/github.com\/bpftrace\/bpftrace\/tree\/v0.20.3"},{"key":"e_1_3_2_1_128_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICMTMA54903.2022.00139"},{"key":"e_1_3_2_1_129_1","doi-asserted-by":"publisher","DOI":"10.1145\/3609021.3609307"},{"key":"e_1_3_2_1_130_1","doi-asserted-by":"publisher","DOI":"10.1109\/CloudCom.2017.14"},{"key":"e_1_3_2_1_131_1","doi-asserted-by":"publisher","DOI":"10.1145\/3352460.3358274"},{"key":"e_1_3_2_1_132_1","doi-asserted-by":"publisher","DOI":"10.1109\/IPDPS.2005.189"},{"key":"e_1_3_2_1_133_1","doi-asserted-by":"publisher","unstructured":"Ioannis Zarkadas Tal Zussman Jeremy Carin Sheng Jiang Yuhong Zhong Jonas Pfefferle Hubertus Franke Junfeng Yang Kostis Kaffes Ryan Stutsman and Asaf Cidon. 2023. BPF-oF: Storage Function Pushdown Over the Network. https:\/\/doi.org\/10.48550\/arXiv.2312.06808","DOI":"10.48550\/arXiv.2312.06808"},{"key":"e_1_3_2_1_134_1","unstructured":"Zhiyuan Zhang Gilles Barthe Chitchanok Chuengsatiansup Peter Schwabe and Yuval Yarom. 2022. Breaking and Fixing Speculative Load Hardening. https:\/\/www.cryptojedi.org\/papers\/uslh-20220605.pdf"},{"key":"e_1_3_2_1_135_1","volume-title":"Proceedings of the 16th USENIX Symposium on Operating Systems Design and Implementation (OSDI \u201922)","author":"Zhong Yuhong","year":"2022","unstructured":"Yuhong Zhong, Haoyu Li, Yu\u00a0Jian Wu, Ioannis Zarkadas, Jeffrey Tao, Evan Mesterhazy, Michael Makris, Junfeng Yang, Amy Tai, Ryan Stutsman, and Asaf Cidon. 2022. XRP: In-Kernel Storage Functions with eBPF. In Proceedings of the 16th USENIX Symposium on Operating Systems Design and Implementation (OSDI \u201922). USENIX Association, Carlsbad, CA, 375\u2013393. https:\/\/www.usenix.org\/conference\/osdi22\/presentation\/zhong"},{"key":"e_1_3_2_1_136_1","volume-title":"Userspace Bypass: Accelerating Syscall-intensive Applications. In 17th USENIX Symposium on Operating Systems Design and Implementation (OSDI 23)","author":"Zhou Zhe","year":"2023","unstructured":"Zhe Zhou, Yanxiang Bi, Junpeng Wan, Yangfan Zhou, and Zhou Li. 2023. Userspace Bypass: Accelerating Syscall-intensive Applications. In 17th USENIX Symposium on Operating Systems Design and Implementation (OSDI 23). USENIX Association, Boston, MA, 33\u201349. https:\/\/www.usenix.org\/conference\/osdi23\/presentation\/zhou-zhe"}],"event":{"name":"RAID '24: The 27th International Symposium on Research in Attacks, Intrusions and Defenses","location":"Padua Italy","acronym":"RAID '24"},"container-title":["The 27th International Symposium on Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3678890.3678907","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3678890.3678907","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:18:00Z","timestamp":1750295880000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3678890.3678907"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,9,30]]},"references-count":136,"alternative-id":["10.1145\/3678890.3678907","10.1145\/3678890"],"URL":"https:\/\/doi.org\/10.1145\/3678890.3678907","relation":{},"subject":[],"published":{"date-parts":[[2024,9,30]]},"assertion":[{"value":"2024-09-30","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}